The Linux kernel has a vulnerability in the Trusted Platform Module (TPM) event log handling code, specifically in the `tpm_read_log_efi` function. When this function is called multiple times, such as when a TPM2 driver is loaded and unloaded repeatedly, the global variable `efi_tpm_final_log_size` can become a negative number due to integer underflow.

This occurs because `final_events_preboot_size` is subtracted from the global each time `tpm_read_log_efi` is called, so the global decrements on every call. To fix this issue, a local variable should be used instead of the global one, avoiding the integer underflow.
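A constructed C model of the pattern described above, as an added example that is not the kernel's code: a global size decremented on every call versus a local computed fresh on each call. The struct and function names are stand-ins, the 64/16-byte sizes are constructed, and the range check in the fixed variant is an addition of this model.

```c
#include <stdio.h>

/* Stand-in for the kernel global efi_tpm_final_log_size: an int set once
 * from the EFI configuration table at boot (-1 means "no final log"). */
static int efi_tpm_final_log_size = -1;

/* Stand-in for struct linux_efi_tpm_eventlog: the part of the final-events
 * table that was already copied into the main log before ExitBootServices. */
struct eventlog_stub {
    unsigned int final_events_preboot_size;
};

/* Buggy pattern: the global is decremented on every call, so repeated
 * driver load/unload cycles drive it to zero and then negative. */
int final_log_size_buggy(const struct eventlog_stub *log_tbl)
{
    efi_tpm_final_log_size -= log_tbl->final_events_preboot_size;
    return efi_tpm_final_log_size;  /* later used as a copy length */
}

/* Fixed pattern: compute the remaining size into a local each call, leaving
 * the global untouched. The range check is this model's addition; it returns
 * -1 instead of producing a negative size from a malformed table. */
int final_log_size_fixed(const struct eventlog_stub *log_tbl)
{
    int final_events_log_size;

    if (efi_tpm_final_log_size < 0 ||
        log_tbl->final_events_preboot_size > (unsigned int)efi_tpm_final_log_size)
        return -1;
    final_events_log_size = efi_tpm_final_log_size - log_tbl->final_events_preboot_size;
    return final_events_log_size;
}

/* Simulate n driver load/unload cycles after one "boot" with a constructed
 * 64-byte final log whose first 16 bytes are the preboot portion, returning
 * the size the last cycle would use. */
int simulate_reloads(int cycles, int use_fix)
{
    const struct eventlog_stub log_tbl = { .final_events_preboot_size = 16 };
    int size = -1;

    efi_tpm_final_log_size = 64;  /* set once at boot in the real kernel */
    for (int i = 0; i < cycles; i++)
        size = use_fix ? final_log_size_fixed(&log_tbl)
                       : final_log_size_buggy(&log_tbl);
    return size;
}

int main(void)
{
    printf("buggy after 1 reload: %d\n", simulate_reloads(1, 0));
    printf("buggy after 5 reloads: %d\n", simulate_reloads(5, 0));
    printf("fixed after 5 reloads: %d\n", simulate_reloads(5, 1));
    return 0;
}
```

After five cycles the buggy variant reports a negative length while the fixed variant still reports 48 bytes, which is the difference the copy that follows in the real function would see.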

The affected kernel versions are 5.3 and later, introduced by commit 166a2809d65b, and fixed in various later kernel releases (5.4.118, 5.10.36, 5.11.20, 5.12.3, and 5.13). The affected file is `drivers/char/tpm/eventlog/efi.c`.

To mitigate this issue, it is recommended to update to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the specified commits. However, the Linux kernel community does not recommend or support cherry-picking individual commits, as they are never tested alone but rather as part of a larger kernel release.